Re: [fw-wiz] syslog and network management

On Mon, 3 Mar 2008, Darden, Patrick S. wrote:

UDP is a LOT faster than TCP. No ECC so it uses less cpu, less memory,
and has less of a memory footprint. If you were dropping a lot of UDP,
then TCP would not help at all--you would receive less, just more

First, Cisco routers drop UDP on overlaod before they drop TCP, so if your
log server isn't on the same subnet, that may mean TCP is a better choice
if you're getting flooded.

Second, it depends on your buffers with TCP, but at least you'd know on
the receiving end that you're dropping packets. With buffer tuning, you
may be able to withstand flooding the log server and catching up again.

Third, I'm pretty sure the RFCs say that UDP must default to checksumming

Paul D. Robertson "My statements in this message are personal opinions
paul@xxxxxxxxxxxx which may have no basis whatsoever in fact."

firewall-wizards mailing list